On Thursday, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for the Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a user's account without requiring administrator rights.

"We won't disclose the exact technique used here--it's a feature not a bug--but let's just say that installing a System Library shouldn't be allowed without prompting the user," stated F-Secure in the blog post. "Especially as it only requires Copy permissions."